OWASP iOSForensic - Tool to help in forensics analysis on iOS

OWASP iOSForensic is a python tool to help in forensics analysis on iOS.
It get files, logs, extract sqlite3 databases and uncompress .plist files in xml.

OWASP iOSForensic provides:

• Application's files
• Conversion of .plist files in XML
• Extract all databases
• Conversion of binary cookies
• Application's logs
• A List of all packages
• Extraction multiple packages

Options

• -h --help : show help message
• -a --about : show informations
• -v --verbose : verbose mode
• -i --ip : local ip address of the iOS terminal
• -p --port : ssh port of the iOS terminal (default 22)
• -P --password : root password of the iOS terminal (default alpine)

Examples:

./iOSForensic.py -i 192.168.1.10 [OPTIONS] APP_NAME.app INCOMPLETE_APP_NAME APP_NAME2_WITHOUT_DOT_APP
./iOSForensic.py -i 192.168.1.10 -p 1337 -P pwd MyApp.app angry MyApp2

Download OWASP iOSForensic

Read More

iRET - iOS Reverse Engineering Toolkit

iOS Reverse Engineering Toolkit o iRet es un conjunto de herramientas que ayudan al auditor de seguridad a llevar a cabo tareas comunes de forma automática. Dichas tareas se enfocan en análisis e ingeniería inversa de aplicaciones iOS, plataforma móvil de Apple (iPhone/iPad).

De entre las tareas que este toolkit es capaz de automatizar, tenemos:

• Binary Analysis (basado en otool)
• Keychain Analysis (keychain_dumper)
• Database Analysis (sqlite3)
• Log Viewer
• Plist Viewer
• Header Files
• Create, edit, save and build theos tweaks
• Display cached screenshots

Download iRET

Read More

[DVIA] Damn Vulnerable iOS Application

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment.

This application covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try.

Vulnerabilities and Challenges Included

• Insecure Data Storage
• Jailbreak Detection
• Runtime Manipulation
• Transport Layer Security
• Client Side Injection
• Information Disclosure
• Broken Cryptography
• Application Patching

All these vulnerabilities and their solutions have been tested upto IOS 7.0.4.

Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

Download DVIA

Read More

[evasi0n7] iOS 7.x Jailbreak

Evasi0n Jailbreaking tools available for Apple iOS 7 users. This jailbreak utility/tool made by Evad3rs team after 3 months of iOS 7 launched. evasi0n is available for Mac and Windows, and is untethered. Here are the requirements posted on the evasi0n website:

• A computer, running Windows (XP minimum), Mac OS X (10.6 minimum) or Linux (x86 / x86_64)
• iTunes installed if you’re running Windows
• An iPhone, iPad or iPod running iOS 7.0 through 7.0.4 (you may check in Settings / General / About => Version)
• A USB cable to connect the device to the computer

evasi0n7 is an untethered jailbreak which supports iOS 7, iOS 7.0.1, iOS 7.0.2, iOS 7.0.3, iOS 7.0.4.

It is compatible with the following iOS 7.x.x devices:

• iPhone 5s, iPhone 5c, iPhone 5, iPhone 4S, iPhone 4, iPhone 3GS
• iPad Air, iPad 4, iPad 3, iPad 2
• Retina iPad mini, iPad mini
• iPod touch 5G

Download evasi0n7

Read More